House Panel Urges Federal Privacy Guidelines for Apps, Web Services
Members of the House Judiciary Internet Subcommittee reaffirmed their support for baseline privacy guidelines for mobile and Web services that collect, use and sell personal information. The call at a hearing Tuesday comes as NTIA prepares for its first meeting with multi-stakeholder representatives to develop legally enforceable privacy codes of conduct. (See separate report in this issue.) Industry representatives from eBay, TRUSTe and mobile application developers said they too supported basic federal privacy guidelines to bolster the industry’s self-regulatory privacy regime.
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
Subcommittee Ranking Member Mel Watt, D-N.C., said Congress must act to change the “false sense of privacy” held by mobile and Web users who often don’t understand the lengthy privacy policies they are offered. “It seems clear to me that consumers remain in a vulnerable position and are required to place an enormous amount of blind trust.”
Subcommittee Chairman Bob Goodlatte, R-Va., cautioned lawmakers not to burden companies and innovators with “undue barriers to access.” “It is important that as we think about the best interest of our consumers and the Internet user community, we continue to encourage and not stifle innovation. One of the most important things private sector companies can do to self-regulate and innovate when it comes to privacy is to make sure notices and privacy policies are easy to understand.”
The challenge with self-regulation is that “it leaves consumers with uncertainty,” Scott Shipman, eBay associate general counsel, told the subcommittee. He agreed with Watt that federal baseline provisions are needed and said eBay supports a federal omnibus privacy bill to provide consumers with some level of certainty. TRUSTe CEO Chris Babel said his company offers certification to companies to ensure that they have adopted self-regulatory privacy protections and remedies to keep them compliant.
Any laws governing privacy must be developed through a stakeholder process and not be a “government top-down measure,” said Association for Competitive Technology Executive Director Morgan Reed. In February the White House tasked NTIA with developing legally enforceable codes of conduct for companies and organizations that handle personal data (CD Feb 24 p8). The agency will hold its first meeting on July 12 with privacy stakeholders to develop more transparent disclosures on how mobile apps treat their personal information.
House Judiciary Committee Ranking Member John Conyers, D-Mich., said he thought Congress ought to expand the FTC’s authority and power to take action against privacy violations. Currently, the FTC can only enforce violations of a company’s privacy policy under Section 5 of the FTC Act. “The FTC needs direct enforcement authority so it can take action against those who violate consumer privacy,” he said. The “FTC has a responsibility to ensure that competitors are not allowed to play by different rules.”
Reed did not directly endorse increased FTC enforcement authority but said it is “critical” for the agency to have the resources available to protect consumers. “There is a carrot and a stick,” he said. “Industry self-regulation is the carrot.” If companies comply, “they won’t get the stick.” Reed specifically called out Google’s collection of consumer information over Wi-Fi routers as an area where regulation is needed to curb misbehavior. “Google hasn’t been transparent and that is an area where they need to improve or regulators need to step in.” Google rival Microsoft is a “sponsor member” of ACT.
CEA said it supported federal privacy laws in the areas of identity theft, healthcare and child safety, but said the evidence for other data privacy laws was “lacking.” “Data collected electronically provides enormous consumer benefits and services,” the group said in a letter that was submitted into the record. “As such, we must believe that any discussion of the supposed harm must also be measured alongside the advantages afforded by the rich and often-times free innovations available online.” The group also urged lawmakers to embrace policies that do no harm and avoid reshaping the mechanics of how the Internet functions.